Penetration Testing Engineer - VP

State Street
$120,000 - $202,500 | Hybrid

About The Position

We are seeking a Senior Penetration Testing Engineer to join State Street’s Penetration Testing Team, reporting to the Penetration Testing Team Manager. This role sits within the Threat Intelligence and Assurance organization and is a deeply technical engineering position with strong hands-on expectations. You will serve as a subject matter expert in application penetration testing, executing detailed assessments and contributing to the design and oversight of network penetration testing performed in partnership with third-party providers. The focus of this role is on building and applying rigorous, repeatable testing approaches that evaluate security control effectiveness and real-world exploitability across complex systems. Operating in a highly regulated banking environment, you will ensure testing outputs are technically sound, evidence-based, and aligned to risk and audit expectations. You will work closely with engineering and infrastructure teams to analyze root causes, validate fixes, and drive improvements in secure system design and implementation.

Requirements

  • 5+ years in penetration testing with strong experience across both application and network testing in high-security/highly regulated environments.
  • Experience managing third-party penetration testing vendors, including quality validation and outcome assurance.
  • Deep expertise in application penetration testing (web, APIs, mobile) and solid understanding of enterprise network attack paths.
  • Strong knowledge of modern architectures (cloud-native, microservices, identity platforms, CI/CD pipelines).
  • Ability to translate technical findings into actionable, risk-based remediation guidance and influence stakeholders.

Nice To Haves

  • Experience using AI/LLM tools to perform network and application penetration testing and configuration/security reviews.
  • BS/MS in relevant field; OSCP/OSEP/OSWE, GPEN/GXPN, GWAPT, PNPT, GCPN, or similar.

Responsibilities

  • Design and manage third-party network penetration tests, including scoping, vendor selection, rules of engagement, quality assurance, and validation of results.
  • Lead end-to-end application penetration testing across internal and third-party providers (web, API), including scoping, execution, exploitation, and retesting.
  • Perform advanced testing across authn/authz, business logic, injection, API abuse, crypto misuse, and access control weaknesses.
  • Establish and enforce testing standards for both internal teams and external vendors to ensure consistency, depth, and regulatory defensibility.
  • Deliver high-quality, regulator-ready reporting with clear exploitability, risk context, and actionable remediation guidance.
  • Lead the use of AI/LLM-enabled testing techniques and conduct assurance testing of enterprise AI/LLM deployments (e.g., prompt injection, model abuse, data exposure risks).
  • Partner with engineering and infrastructure teams to validate remediation, reduce recurrence, and strengthen secure development and deployment practices.

Benefits

  • our retirement savings plan (401K) with company match
  • insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages
  • paid time off including vacation, sick leave, short-term disability, and family care responsibilities
  • access to our Employee Assistance Program
  • incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans)
  • eligibility for certain tax-advantaged savings plans
  • inclusive development opportunities
  • flexible work-life support
  • paid volunteer days
  • vibrant employee networks